6 matches found
Security Bulletin: Vulnerability in Spring Session affects IBM Process Mining . CVE-2023-20866
Summary There is a vulnerability in Spring Session that could allow a local authenticated attacker to obtain sensitive information. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2023-20866...
CVE-2023-20866
A flaw was found in Spring Session. If using HeaderHttpSessionIdResolver, the session id can be logged to the standard output stream. This may log sensitive information and could be used by an attacker for session hijacking...
cn.herodotus.engine:access-sdk-all (>=3.0.1.0 <=3.0.4.2), cn.herodotus.engine:access-sdk-justauth (>=3.0.1.0 <=3.0.4.2) +85 more potentially affected by CVE-2023-20866 via org.springframework.session:spring-session-core (=3.0.0)
org.springframework.session:spring-session-core MAVEN version =3.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.springframework.session:spring-session-core and may be impacted: - cn.herodotus.engine:access-sdk-all =3.0.1.0, =3.0.1.0, =3.0.1.0,...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
CVE-2023-20866
In Spring Session version 3.0.0, the session id can be logged to the standard output stream. This vulnerability exposes sensitive information to those who have access to the application logs and can be used for session hijacking. Specifically, an application is vulnerable if it is using...
CVE-2023-20866
CVE-2023-20866 affects Spring Session 3.0.0, where the session ID can be logged to standard output when using HeaderHttpSessionIdResolver. This leaks sensitive information from logs and can enable session hijacking. The NVD/CVSS data indicates a base score of 6.5 (MEDIUM) with high confidentialit...